diff for duplicates of <20091002215544.GA7446@us.ibm.com>
diff --git a/a/1.txt b/N1/1.txt
index f5c1b3d..0552a6a 100644
--- a/a/1.txt
+++ b/N1/1.txt
@@ -192,593 +192,3 @@
 would you prefer I wait and resend after a re-base?
 
 thanks,
-serge
-
-From 77a3a47895fd43e1593752a79b0b09d40744fb41 Mon Sep 17 00:00:00 2001
-From: Serge E. Hallyn <serue@us.ibm.com>
-Date: Thu, 27 Aug 2009 08:19:36 -0700
-Subject: [PATCH 1/1] cr: add selinux support (v5)
-
-Documentation/checkpoint/readme.txt begins:
-"""
-Application checkpoint/restart is the ability to save the state
-of a running application so that it can later resume its execution
-from the time at which it was checkpointed.
-"""
-
-This patch adds the ability to checkpoint and restore selinux
-contexts for tasks, open files, and sysvipc objects. Contexts
-are checkpointed as strings. For tasks and files, where a security
-struct actually points to several contexts, all contexts are
-written out in one string, separated by ':::'.
-
-The default behaviors are to checkpoint contexts, but not to
-restore them. To attempt to restore them, sys_restart() must
-be given the RESTART_KEEP_LSM flag. If this is given then
-the caller of sys_restart() must have the new 'restore' permission
-to the target objclass, or for instance PROCESS__SETFSCREATE to
-itself to specify a create_sid.
-
-There are some tests under cr_tests/selinux at
-git://git.sr71.net/~hallyn/cr_tests.git.
-
-A corresponding simple refpolicy (and /usr/share/selinux/devel/include)
-patch is needed.
-
-The programs to checkpoint and restart (called 'checkpoint' and
-'restart') come from git://git.ncl.cs.columbia.edu/pub/git/user-cr.git.
-This patch applies against the checkpoint/restart-enabled kernel
-tree at git://git.ncl.cs.columbia.edu/pub/git/linux-cr.git/.
-
-Changelog:
- oct 02: (Stephen Smalley suggestions):
- 1. s/__u32/u32/
- 2. enable the fown sid restoration
- 3. use process_restore to authorize resetting osid
- 4. don't make new hooks inline.
- oct 01: Remove some debugging that is redundant with
- avc log data.
- sep 10: (Most addressing suggestions by Stephen Smalley)
- 1. change xyz_get_ctx() to xyz_checkpoint().
- 2. check entrypoint permission on cred_restore
- 3. always dec context length by 1
- 4. don't allow SECSID_NULL when that's not valid
- 5. when SECSID_NULL is valid, restore it
- 6. c/r task->osid
- 7. Just print nothing instead of 'null' for SECSID_NULL
- 8. sids are __u32, as are lenghts passed to sid_to_context.
-
-Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
----
- checkpoint/restart.c | 1 +
- kernel/cred.c | 2 +
- security/selinux/hooks.c | 367 ++++++++++++++++++++++++++
- security/selinux/include/av_perm_to_string.h | 5 +
- security/selinux/include/av_permissions.h | 5 +
- 5 files changed, 380 insertions(+), 0 deletions(-)
-
-diff --git a/checkpoint/restart.c b/checkpoint/restart.c
-index 55bd2b5..008a116 100644
---- a/checkpoint/restart.c
-+++ b/checkpoint/restart.c
-@@ -471,6 +471,7 @@ static int restore_read_header(struct ckpt_ctx *ctx)
- /* to be implemented later, per-lsm */
- if (strcmp(ctx->lsm_name, "lsm_none") != 0 &&
- strcmp(ctx->lsm_name, "smack") != 0 &&
-+ strcmp(ctx->lsm_name, "selinux") != 0 &&
- strcmp(ctx->lsm_name, "default") != 0) {
- pr_warning("c/r: RESTART_KEEP_LSM unsupported for %s\n",
- ctx->lsm_name);
-diff --git a/kernel/cred.c b/kernel/cred.c
-index 06bc676..5eb09b8 100644
---- a/kernel/cred.c
-+++ b/kernel/cred.c
-@@ -732,6 +732,8 @@ static int do_checkpoint_cred(struct ckpt_ctx *ctx, struct cred *cred)
- if (!h)
- return -ENOMEM;
-
-+ ckpt_debug("cred uid %d fsuid %d gid %d secref %d\n", cred->uid,
-+ cred->fsuid, cred->gid, sec_ref);
- h->uid = cred->uid;
- h->suid = cred->suid;
- h->euid = cred->euid;
-diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
-index 8d8b69c..7e16a56 100644
---- a/security/selinux/hooks.c
-+++ b/security/selinux/hooks.c
-@@ -76,6 +76,7 @@
- #include <linux/selinux.h>
- #include <linux/mutex.h>
- #include <linux/posix-timers.h>
-+#include <linux/checkpoint.h>
-
- #include "avc.h"
- #include "objsec.h"
-@@ -2961,6 +2962,104 @@ static int selinux_file_permission(struct file *file, int mask)
- return selinux_revalidate_file_permission(file, mask);
- }
-
-+/*
-+ * for file context, we print both the fsec->sid and fsec->fown_sid
-+ * as string representations, separated by ':::'
-+ * We don't touch isid - if you wanted that set you shoulda set up the
-+ * fs correctly.
-+ */
-+static char *selinux_file_checkpoint(void *security)
-+{
-+ struct file_security_struct *fsec = security;
-+ char *s1 = NULL, *s2 = NULL, *sfull;
-+ u32 len1, len2, lenfull;
-+ int ret;
-+
-+ if (fsec->sid == 0 || fsec->fown_sid == 0)
-+ return ERR_PTR(-EINVAL);
-+
-+ ret = security_sid_to_context(fsec->sid, &s1, &len1);
-+ if (ret)
-+ return ERR_PTR(ret);
-+ len1--;
-+ ret = security_sid_to_context(fsec->fown_sid, &s2, &len2);
-+ if (ret) {
-+ kfree(s1);
-+ return ERR_PTR(ret);
-+ }
-+ len2--;
-+ lenfull = len1+len2+3;
-+ sfull = kmalloc(lenfull+1, GFP_KERNEL);
-+ if (!sfull) {
-+ sfull = ERR_PTR(-ENOMEM);
-+ goto out;
-+ }
-+ sfull[lenfull] = '\0';
-+ sprintf(sfull, "%s:::%s", s1, s2);
-+
-+out:
-+ kfree(s1);
-+ kfree(s2);
-+ return sfull;
-+}
-+
-+static int selinux_file_restore(struct file *file, char *ctx)
-+{
-+ char *s1, *s2;
-+ u32 sid1 = 0, sid2 = 0;
-+ int ret = -EINVAL;
-+ struct file_security_struct *fsec = file->f_security;
-+
-+ /*
-+ * Objhash made sure the string is null-terminated.
-+ * We make a copy so we can mangle it.
-+ */
-+ s1 = kstrdup(ctx, GFP_KERNEL);
-+ if (!s1)
-+ return -ENOMEM;
-+ s2 = strstr(s1, ":::");
-+ if (!s2)
-+ goto out;
-+
-+ *s2 = '\0';
-+ s2 += 3;
-+ if (*s2 == '\0')
-+ goto out;
-+
-+ /* SECSID_NULL is not valid for file sids */
-+ if (strlen(s1) == 0 || strlen(s2) == 0)
-+ goto out;
-+
-+ ret = security_context_to_sid(s1, strlen(s1), &sid1);
-+ if (ret)
-+ goto out;
-+ ret = security_context_to_sid(s2, strlen(s2), &sid2);
-+ if (ret)
-+ goto out;
-+
-+ if (sid1 && fsec->sid != sid1) {
-+ ret = avc_has_perm(current_sid(), sid1, SECCLASS_FILE,
-+ FILE__RESTORE, NULL);
-+ if (ret)
-+ goto out;
-+ fsec->sid = sid1;
-+ }
-+
-+ if (sid2 && fsec->fown_sid != sid2) {
-+ ret = avc_has_perm(current_sid(), sid2, SECCLASS_FILE,
-+ FILE__FOWN_RESTORE, NULL);
-+ if (ret)
-+ goto out;
-+ fsec->fown_sid = sid2;
-+ }
-+
-+ ret = 0;
-+
-+out:
-+ kfree(s1);
-+ return ret;
-+}
-+
- static int selinux_file_alloc_security(struct file *file)
- {
- return file_alloc_security(file);
-@@ -3219,6 +3318,187 @@ static int selinux_task_create(unsigned long clone_flags)
- return current_has_perm(current, PROCESS__FORK);
- }
-
-+#define NUMTASKSIDS 6
-+/*
-+ * for cred context, we print:
-+ * osid, sid, exec_sid, create_sid, keycreate_sid, sockcreate_sid;
-+ * as string representations, separated by ':::'
-+ */
-+static char *selinux_cred_checkpoint(void *security)
-+{
-+ struct task_security_struct *tsec = security;
-+ char *stmp, *sfull = NULL;
-+ u32 slen, runlen;
-+ int i, ret;
-+ u32 sids[NUMTASKSIDS] = { tsec->osid, tsec->sid, tsec->exec_sid,
-+ tsec->create_sid, tsec->keycreate_sid, tsec->sockcreate_sid };
-+
-+ if (sids[0] == 0 || sids[1] == 0)
-+ /* SECSID_NULL is not valid for osid or sid */
-+ return ERR_PTR(-EINVAL);
-+
-+ ret = security_sid_to_context(sids[0], &sfull, &runlen);
-+ if (ret)
-+ return ERR_PTR(ret);
-+ runlen--;
-+
-+ for (i = 1; i < NUMTASKSIDS; i++) {
-+ if (sids[i] == 0) {
-+ stmp = NULL;
-+ slen = 0;
-+ } else {
-+ ret = security_sid_to_context(sids[i], &stmp, &slen);
-+ if (ret) {
-+ kfree(sfull);
-+ return ERR_PTR(ret);
-+ }
-+ slen--;
-+ }
-+ /* slen + runlen + ':::' + \0 */
-+ if (slen) {
-+ sfull = krealloc(sfull, slen + runlen + 3 + 1, GFP_KERNEL);
-+ if (!sfull) {
-+ kfree(stmp);
-+ return ERR_PTR(-ENOMEM);
-+ }
-+ }
-+ sprintf(sfull+runlen, ":::%s", stmp ? stmp : "");
-+ runlen += slen + 3;
-+ kfree(stmp);
-+ }
-+
-+ return sfull;
-+}
-+
-+static inline int credrestore_nullvalid(int which)
-+{
-+ int valid_array[NUMTASKSIDS] = {
-+ 0, /* task osid */
-+ 0, /* task sid */
-+ 1, /* exec sid */
-+ 1, /* create sid */
-+ 1, /* keycreate_sid */
-+ 1, /* sockcreate_sid */
-+ };
-+
-+ return valid_array[which];
-+}
-+
-+static int selinux_cred_restore(struct file *file, struct cred *cred,
-+ char *ctx)
-+{
-+ char *s, *s1, *s2 = NULL;
-+ int ret = -EINVAL;
-+ struct task_security_struct *tsec = cred->security;
-+ int i;
-+ u32 sids[NUMTASKSIDS];
-+ struct inode *ctx_inode = file->f_dentry->d_inode;
-+ struct avc_audit_data ad;
-+
-+ /*
-+ * objhash made sure the string is null-terminated
-+ * now we want our own copy so we can chop it up with \0's
-+ */
-+ s = kstrdup(ctx, GFP_KERNEL);
-+ if (!s)
-+ return -ENOMEM;
-+
-+ s1 = s;
-+ for (i = 0; i < NUMTASKSIDS; i++) {
-+ if (i < NUMTASKSIDS-1) {
-+ ret = -EINVAL;
-+ s2 = strstr(s1, ":::");
-+ if (!s2)
-+ goto out;
-+ *s2 = '\0';
-+ s2 += 3;
-+ }
-+ if (strlen(s1) == 0) {
-+ ret = -EINVAL;
-+ if (credrestore_nullvalid(i))
-+ sids[i] = 0;
-+ else
-+ goto out;
-+ } else {
-+ ret = security_context_to_sid(s1, strlen(s1), &sids[i]);
-+ if (ret)
-+ goto out;
-+ }
-+ s1 = s2;
-+ }
-+
-+ /*
-+ * Check that these transitions are allowed, and effect them.
-+ * XXX: Do these checks suffice?
-+ */
-+ if (tsec->osid != sids[0]) {
-+ ret = avc_has_perm(current_sid(), sids[0], SECCLASS_PROCESS,
-+ PROCESS__RESTORE, NULL);
-+ if (ret)
-+ goto out;
-+ tsec->osid = sids[0];
-+ }
-+
-+ if (tsec->sid != sids[1]) {
-+ struct inode_security_struct *isec;
-+ ret = avc_has_perm(current_sid(), sids[1], SECCLASS_PROCESS,
-+ PROCESS__RESTORE, NULL);
-+ if (ret)
-+ goto out;
-+
-+ /* check whether checkpoint file type is a valid entry
-+ * point to the new domain: we may want a specific
-+ * 'restore_entrypoint' permission for this, but let's
-+ * see if just entrypoint is deemed sufficient
-+ */
-+
-+ AVC_AUDIT_DATA_INIT(&ad, FS);
-+ ad.u.fs.path = file->f_path;
-+
-+ isec = ctx_inode->i_security;
-+ ret = avc_has_perm(sids[1], isec->sid, SECCLASS_FILE,
-+ FILE__ENTRYPOINT, &ad);
-+ if (ret)
-+ goto out;
-+ /* TODO: do we need to check for shared state? */
-+ tsec->sid = sids[1];
-+ }
-+
-+ ret = -EPERM;
-+ if (sids[2] != tsec->exec_sid) {
-+ if (!current_has_perm(current, PROCESS__SETEXEC))
-+ goto out;
-+ tsec->exec_sid = sids[2];
-+ }
-+
-+ if (sids[3] != tsec->create_sid) {
-+ if (!current_has_perm(current, PROCESS__SETFSCREATE))
-+ goto out;
-+ tsec->create_sid = sids[3];
-+ }
-+
-+ if (tsec->keycreate_sid != sids[4]) {
-+ if (!current_has_perm(current, PROCESS__SETKEYCREATE))
-+ goto out;
-+ if (!may_create_key(sids[4], current))
-+ goto out;
-+ tsec->keycreate_sid = sids[4];
-+ }
-+
-+ if (tsec->sockcreate_sid != sids[5]) {
-+ if (!current_has_perm(current, PROCESS__SETSOCKCREATE))
-+ goto out;
-+ tsec->sockcreate_sid = sids[5];
-+ }
-+
-+ ret = 0;
-+
-+out:
-+ kfree(s);
-+ return ret;
-+}
-+
-+
- /*
- * detach and free the LSM part of a set of credentials
- */
-@@ -4658,6 +4938,44 @@ static void ipc_free_security(struct kern_ipc_perm *perm)
- kfree(isec);
- }
-
-+static char *selinux_msg_msg_checkpoint(void *security)
-+{
-+ struct msg_security_struct *msec = security;
-+ char *s;
-+ u32 len;
-+ int ret;
-+
-+ if (msec->sid == 0)
-+ return ERR_PTR(-EINVAL);
-+
-+ ret = security_sid_to_context(msec->sid, &s, &len);
-+ if (ret)
-+ return ERR_PTR(ret);
-+ return s;
-+}
-+
-+static int selinux_msg_msg_restore(struct msg_msg *msg, char *ctx)
-+{
-+ struct msg_security_struct *msec = msg->security;
-+ int ret;
-+ u32 sid = 0;
-+
-+ ret = security_context_to_sid(ctx, strlen(ctx), &sid);
-+ if (ret)
-+ return ret;
-+
-+ if (msec->sid == sid)
-+ return 0;
-+
-+ ret = avc_has_perm(current_sid(), sid, SECCLASS_MSG,
-+ MSG__RESTORE, NULL);
-+ if (ret)
-+ return ret;
-+
-+ msec->sid = sid;
-+ return 0;
-+}
-+
- static int msg_msg_alloc_security(struct msg_msg *msg)
- {
- struct msg_security_struct *msec;
-@@ -5061,6 +5379,47 @@ static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
- *secid = isec->sid;
- }
-
-+static char *selinux_ipc_checkpoint(void *security)
-+{
-+ struct ipc_security_struct *isec = security;
-+ char *s;
-+ u32 len;
-+ int ret;
-+
-+ if (isec->sid == 0)
-+ return ERR_PTR(-EINVAL);
-+
-+ ret = security_sid_to_context(isec->sid, &s, &len);
-+ if (ret)
-+ return ERR_PTR(ret);
-+ return s;
-+}
-+
-+static int selinux_ipc_restore(struct kern_ipc_perm *ipcp, char *ctx)
-+{
-+ struct ipc_security_struct *isec = ipcp->security;
-+ int ret;
-+ u32 sid = 0;
-+ struct avc_audit_data ad;
-+
-+ ret = security_context_to_sid(ctx, strlen(ctx), &sid);
-+ if (ret)
-+ return ret;
-+
-+ if (isec->sid == sid)
-+ return 0;
-+
-+ AVC_AUDIT_DATA_INIT(&ad, IPC);
-+ ad.u.ipc_id = ipcp->key;
-+ ret = avc_has_perm(current_sid(), sid, SECCLASS_IPC,
-+ IPC__RESTORE, &ad);
-+ if (ret)
-+ return ret;
-+
-+ isec->sid = sid;
-+ return 0;
-+}
-+
- static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode)
- {
- if (inode)
-@@ -5382,6 +5741,8 @@ static struct security_operations selinux_ops = {
- .inode_getsecid = selinux_inode_getsecid,
-
- .file_permission = selinux_file_permission,
-+ .file_checkpoint = selinux_file_checkpoint,
-+ .file_restore = selinux_file_restore,
- .file_alloc_security = selinux_file_alloc_security,
- .file_free_security = selinux_file_free_security,
- .file_ioctl = selinux_file_ioctl,
-@@ -5396,6 +5757,8 @@ static struct security_operations selinux_ops = {
- .dentry_open = selinux_dentry_open,
-
- .task_create = selinux_task_create,
-+ .cred_checkpoint = selinux_cred_checkpoint,
-+ .cred_restore = selinux_cred_restore,
- .cred_free = selinux_cred_free,
- .cred_prepare = selinux_cred_prepare,
- .kernel_act_as = selinux_kernel_act_as,
-@@ -5417,8 +5780,12 @@ static struct security_operations selinux_ops = {
-
- .ipc_permission = selinux_ipc_permission,
- .ipc_getsecid = selinux_ipc_getsecid,
-+ .ipc_checkpoint = selinux_ipc_checkpoint,
-+ .ipc_restore = selinux_ipc_restore,
-
- .msg_msg_alloc_security = selinux_msg_msg_alloc_security,
-+ .msg_msg_checkpoint = selinux_msg_msg_checkpoint,
-+ .msg_msg_restore = selinux_msg_msg_restore,
- .msg_msg_free_security = selinux_msg_msg_free_security,
-
- .msg_queue_alloc_security = selinux_msg_queue_alloc_security,
-diff --git a/security/selinux/include/av_perm_to_string.h b/security/selinux/include/av_perm_to_string.h
-index 31df1d7..a2c35d7 100644
---- a/security/selinux/include/av_perm_to_string.h
-+++ b/security/selinux/include/av_perm_to_string.h
-@@ -19,6 +19,8 @@
- S_(SECCLASS_FILE, FILE__ENTRYPOINT, "entrypoint")
- S_(SECCLASS_FILE, FILE__EXECMOD, "execmod")
- S_(SECCLASS_FILE, FILE__OPEN, "open")
-+ S_(SECCLASS_FILE, FILE__RESTORE, "restore")
-+ S_(SECCLASS_FILE, FILE__FOWN_RESTORE, "fown_restore")
- S_(SECCLASS_CHR_FILE, CHR_FILE__EXECUTE_NO_TRANS, "execute_no_trans")
- S_(SECCLASS_CHR_FILE, CHR_FILE__ENTRYPOINT, "entrypoint")
- S_(SECCLASS_CHR_FILE, CHR_FILE__EXECMOD, "execmod")
-@@ -88,9 +90,11 @@
- S_(SECCLASS_PROCESS, PROCESS__EXECHEAP, "execheap")
- S_(SECCLASS_PROCESS, PROCESS__SETKEYCREATE, "setkeycreate")
- S_(SECCLASS_PROCESS, PROCESS__SETSOCKCREATE, "setsockcreate")
-+ S_(SECCLASS_PROCESS, PROCESS__RESTORE, "restore")
- S_(SECCLASS_MSGQ, MSGQ__ENQUEUE, "enqueue")
- S_(SECCLASS_MSG, MSG__SEND, "send")
- S_(SECCLASS_MSG, MSG__RECEIVE, "receive")
-+ S_(SECCLASS_MSG, MSG__RESTORE, "restore")
- S_(SECCLASS_SHM, SHM__LOCK, "lock")
- S_(SECCLASS_SECURITY, SECURITY__COMPUTE_AV, "compute_av")
- S_(SECCLASS_SECURITY, SECURITY__COMPUTE_CREATE, "compute_create")
-@@ -107,6 +111,7 @@
- S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_READ, "syslog_read")
- S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_MOD, "syslog_mod")
- S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_CONSOLE, "syslog_console")
-+ S_(SECCLASS_IPC, IPC__RESTORE, "restore")
- S_(SECCLASS_CAPABILITY, CAPABILITY__CHOWN, "chown")
- S_(SECCLASS_CAPABILITY, CAPABILITY__DAC_OVERRIDE, "dac_override")
- S_(SECCLASS_CAPABILITY, CAPABILITY__DAC_READ_SEARCH, "dac_read_search")
-diff --git a/security/selinux/include/av_permissions.h b/security/selinux/include/av_permissions.h
-index d645192..58ad588 100644
---- a/security/selinux/include/av_permissions.h
-+++ b/security/selinux/include/av_permissions.h
-@@ -101,6 +101,8 @@
- #define FILE__ENTRYPOINT 0x00040000UL
- #define FILE__EXECMOD 0x00080000UL
- #define FILE__OPEN 0x00100000UL
-+#define FILE__RESTORE 0x00200000UL
-+#define FILE__FOWN_RESTORE 0x00400000UL
- #define LNK_FILE__IOCTL 0x00000001UL
- #define LNK_FILE__READ 0x00000002UL
- #define LNK_FILE__WRITE 0x00000004UL
-@@ -453,6 +455,7 @@
- #define PROCESS__EXECHEAP 0x08000000UL
- #define PROCESS__SETKEYCREATE 0x10000000UL
- #define PROCESS__SETSOCKCREATE 0x20000000UL
-+#define PROCESS__RESTORE 0x40000000UL
- #define IPC__CREATE 0x00000001UL
- #define IPC__DESTROY 0x00000002UL
- #define IPC__GETATTR 0x00000004UL
-@@ -462,6 +465,7 @@
- #define IPC__ASSOCIATE 0x00000040UL
- #define IPC__UNIX_READ 0x00000080UL
- #define IPC__UNIX_WRITE 0x00000100UL
-+#define IPC__RESTORE 0x00000200UL
- #define SEM__CREATE 0x00000001UL
- #define SEM__DESTROY 0x00000002UL
- #define SEM__GETATTR 0x00000004UL
-@@ -483,6 +487,7 @@
- #define MSGQ__ENQUEUE 0x00000200UL
- #define MSG__SEND 0x00000001UL
- #define MSG__RECEIVE 0x00000002UL
-+#define MSG__RESTORE 0x00000004UL
- #define SHM__CREATE 0x00000001UL
- #define SHM__DESTROY 0x00000002UL
- #define SHM__GETATTR 0x00000004UL
---
-1.6.1
diff --git a/a/content_digest b/N1/content_digest
index e2c40bb..cc5dd12 100644
--- a/a/content_digest
+++ b/N1/content_digest
@@ -203,596 +203,6 @@ "would you prefer I wait and resend after a re-base?\n" "\n" "thanks,\n" - "-serge\n" - "\n" - "From 77a3a47895fd43e1593752a79b0b09d40744fb41 Mon Sep 17 00:00:00 2001\n" - "From: Serge E. Hallyn <serue@us.ibm.com>\n" - "Date: Thu, 27 Aug 2009 08:19:36 -0700\n" - "Subject: [PATCH 1/1] cr: add selinux support (v5)\n" - "\n" - "Documentation/checkpoint/readme.txt begins:\n" - "\"\"\"\n" - "Application checkpoint/restart is the ability to save the state\n" - "of a running application so that it can later resume its execution\n" - "from the time at which it was checkpointed.\n" - "\"\"\"\n" - "\n" - "This patch adds the ability to checkpoint and restore selinux\n" - "contexts for tasks, open files, and sysvipc objects. Contexts\n" - "are checkpointed as strings. For tasks and files, where a security\n" - "struct actually points to several contexts, all contexts are\n" - "written out in one string, separated by ':::'.\n" - "\n" - "The default behaviors are to checkpoint contexts, but not to\n" - "restore them. To attempt to restore them, sys_restart() must\n" - "be given the RESTART_KEEP_LSM flag. If this is given then\n" - "the caller of sys_restart() must have the new 'restore' permission\n" - "to the target objclass, or for instance PROCESS__SETFSCREATE to\n" - "itself to specify a create_sid.\n" - "\n" - "There are some tests under cr_tests/selinux at\n" - "git://git.sr71.net/~hallyn/cr_tests.git.\n" - "\n" - "A corresponding simple refpolicy (and /usr/share/selinux/devel/include)\n" - "patch is needed.\n" - "\n" - "The programs to checkpoint and restart (called 'checkpoint' and\n" - "'restart') come from git://git.ncl.cs.columbia.edu/pub/git/user-cr.git.\n" - "This patch applies against the checkpoint/restart-enabled kernel\n" - "tree at git://git.ncl.cs.columbia.edu/pub/git/linux-cr.git/.\n" - "\n" - "Changelog:\n" - "\toct 02: (Stephen Smalley suggestions):\n" - "\t\t1. s/__u32/u32/\n" - "\t\t2. enable the fown sid restoration\n" - "\t\t3. 
use process_restore to authorize resetting osid\n" - "\t\t4. don't make new hooks inline.\n" - "\toct 01: Remove some debugging that is redundant with\n" - "\t\tavc log data.\n" - "\tsep 10: (Most addressing suggestions by Stephen Smalley)\n" - "\t\t1. change xyz_get_ctx() to xyz_checkpoint().\n" - "\t\t2. check entrypoint permission on cred_restore\n" - "\t\t3. always dec context length by 1\n" - "\t\t4. don't allow SECSID_NULL when that's not valid\n" - "\t\t5. when SECSID_NULL is valid, restore it\n" - "\t\t6. c/r task->osid\n" - "\t\t7. Just print nothing instead of 'null' for SECSID_NULL\n" - "\t\t8. sids are __u32, as are lenghts passed to sid_to_context.\n" - "\n" - "Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>\n" - "---\n" - " checkpoint/restart.c | 1 +\n" - " kernel/cred.c | 2 +\n" - " security/selinux/hooks.c | 367 ++++++++++++++++++++++++++\n" - " security/selinux/include/av_perm_to_string.h | 5 +\n" - " security/selinux/include/av_permissions.h | 5 +\n" - " 5 files changed, 380 insertions(+), 0 deletions(-)\n" - "\n" - "diff --git a/checkpoint/restart.c b/checkpoint/restart.c\n" - "index 55bd2b5..008a116 100644\n" - "--- a/checkpoint/restart.c\n" - "+++ b/checkpoint/restart.c\n" - "@@ -471,6 +471,7 @@ static int restore_read_header(struct ckpt_ctx *ctx)\n" - " \t\t/* to be implemented later, per-lsm */\n" - " \t\tif (strcmp(ctx->lsm_name, \"lsm_none\") != 0 &&\n" - " \t\t\t\tstrcmp(ctx->lsm_name, \"smack\") != 0 &&\n" - "+\t\t\t\tstrcmp(ctx->lsm_name, \"selinux\") != 0 &&\n" - " \t\t\t\tstrcmp(ctx->lsm_name, \"default\") != 0) {\n" - " \t\t\tpr_warning(\"c/r: RESTART_KEEP_LSM unsupported for %s\\n\",\n" - " \t\t\t\t\tctx->lsm_name);\n" - "diff --git a/kernel/cred.c b/kernel/cred.c\n" - "index 06bc676..5eb09b8 100644\n" - "--- a/kernel/cred.c\n" - "+++ b/kernel/cred.c\n" - "@@ -732,6 +732,8 @@ static int do_checkpoint_cred(struct ckpt_ctx *ctx, struct cred *cred)\n" - " \tif (!h)\n" - " \t\treturn -ENOMEM;\n" - " \n" - "+\tckpt_debug(\"cred uid %d 
fsuid %d gid %d secref %d\\n\", cred->uid,\n" - "+\t\tcred->fsuid, cred->gid, sec_ref);\n" - " \th->uid = cred->uid;\n" - " \th->suid = cred->suid;\n" - " \th->euid = cred->euid;\n" - "diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c\n" - "index 8d8b69c..7e16a56 100644\n" - "--- a/security/selinux/hooks.c\n" - "+++ b/security/selinux/hooks.c\n" - "@@ -76,6 +76,7 @@\n" - " #include <linux/selinux.h>\n" - " #include <linux/mutex.h>\n" - " #include <linux/posix-timers.h>\n" - "+#include <linux/checkpoint.h>\n" - " \n" - " #include \"avc.h\"\n" - " #include \"objsec.h\"\n" - "@@ -2961,6 +2962,104 @@ static int selinux_file_permission(struct file *file, int mask)\n" - " \treturn selinux_revalidate_file_permission(file, mask);\n" - " }\n" - " \n" - "+/*\n" - "+ * for file context, we print both the fsec->sid and fsec->fown_sid\n" - "+ * as string representations, separated by ':::'\n" - "+ * We don't touch isid - if you wanted that set you shoulda set up the\n" - "+ * fs correctly.\n" - "+ */\n" - "+static char *selinux_file_checkpoint(void *security)\n" - "+{\n" - "+\tstruct file_security_struct *fsec = security;\n" - "+\tchar *s1 = NULL, *s2 = NULL, *sfull;\n" - "+\tu32 len1, len2, lenfull;\n" - "+\tint ret;\n" - "+\n" - "+\tif (fsec->sid == 0 || fsec->fown_sid == 0)\n" - "+\t\treturn ERR_PTR(-EINVAL);\n" - "+\n" - "+\tret = security_sid_to_context(fsec->sid, &s1, &len1);\n" - "+\tif (ret)\n" - "+\t\treturn ERR_PTR(ret);\n" - "+\tlen1--;\n" - "+\tret = security_sid_to_context(fsec->fown_sid, &s2, &len2);\n" - "+\tif (ret) {\n" - "+\t\tkfree(s1);\n" - "+\t\treturn ERR_PTR(ret);\n" - "+\t}\n" - "+\tlen2--;\n" - "+\tlenfull = len1+len2+3;\n" - "+\tsfull = kmalloc(lenfull+1, GFP_KERNEL);\n" - "+\tif (!sfull) {\n" - "+\t\tsfull = ERR_PTR(-ENOMEM);\n" - "+\t\tgoto out;\n" - "+\t}\n" - "+\tsfull[lenfull] = '\\0';\n" - "+\tsprintf(sfull, \"%s:::%s\", s1, s2);\n" - "+\n" - "+out:\n" - "+\tkfree(s1);\n" - "+\tkfree(s2);\n" - "+\treturn sfull;\n" - "+}\n" - "+\n" 
- "+static int selinux_file_restore(struct file *file, char *ctx)\n" - "+{\n" - "+\tchar *s1, *s2;\n" - "+\tu32 sid1 = 0, sid2 = 0;\n" - "+\tint ret = -EINVAL;\n" - "+\tstruct file_security_struct *fsec = file->f_security;\n" - "+\n" - "+\t/*\n" - "+\t * Objhash made sure the string is null-terminated.\n" - "+\t * We make a copy so we can mangle it.\n" - "+\t */\n" - "+\ts1 = kstrdup(ctx, GFP_KERNEL);\n" - "+\tif (!s1)\n" - "+\t\treturn -ENOMEM;\n" - "+\ts2 = strstr(s1, \":::\");\n" - "+\tif (!s2)\n" - "+\t\tgoto out;\n" - "+\n" - "+\t*s2 = '\\0';\n" - "+\ts2 += 3;\n" - "+\tif (*s2 == '\\0')\n" - "+\t\tgoto out;\n" - "+\n" - "+\t/* SECSID_NULL is not valid for file sids */\n" - "+\tif (strlen(s1) == 0 || strlen(s2) == 0)\n" - "+\t\tgoto out;\n" - "+\n" - "+\tret = security_context_to_sid(s1, strlen(s1), &sid1);\n" - "+\tif (ret)\n" - "+\t\tgoto out;\n" - "+\tret = security_context_to_sid(s2, strlen(s2), &sid2);\n" - "+\tif (ret)\n" - "+\t\tgoto out;\n" - "+\n" - "+\tif (sid1 && fsec->sid != sid1) {\n" - "+\t\tret = avc_has_perm(current_sid(), sid1, SECCLASS_FILE,\n" - "+\t\t\t\t\tFILE__RESTORE, NULL);\n" - "+\t\tif (ret)\n" - "+\t\t\tgoto out;\n" - "+\t\tfsec->sid = sid1;\n" - "+\t}\n" - "+\n" - "+\tif (sid2 && fsec->fown_sid != sid2) {\n" - "+\t\tret = avc_has_perm(current_sid(), sid2, SECCLASS_FILE,\n" - "+\t\t\t\tFILE__FOWN_RESTORE, NULL);\n" - "+\t\tif (ret)\n" - "+\t\t\tgoto out;\n" - "+\t fsec->fown_sid = sid2;\n" - "+\t}\n" - "+\n" - "+\tret = 0;\n" - "+\n" - "+out:\n" - "+\tkfree(s1);\n" - "+\treturn ret;\n" - "+}\n" - "+\n" - " static int selinux_file_alloc_security(struct file *file)\n" - " {\n" - " \treturn file_alloc_security(file);\n" - "@@ -3219,6 +3318,187 @@ static int selinux_task_create(unsigned long clone_flags)\n" - " \treturn current_has_perm(current, PROCESS__FORK);\n" - " }\n" - " \n" - "+#define NUMTASKSIDS 6\n" - "+/*\n" - "+ * for cred context, we print:\n" - "+ * osid, sid, exec_sid, create_sid, keycreate_sid, sockcreate_sid;\n" - "+ * as 
string representations, separated by ':::'\n" - "+ */\n" - "+static char *selinux_cred_checkpoint(void *security)\n" - "+{\n" - "+\tstruct task_security_struct *tsec = security;\n" - "+\tchar *stmp, *sfull = NULL;\n" - "+\tu32 slen, runlen;\n" - "+\tint i, ret;\n" - "+\tu32 sids[NUMTASKSIDS] = { tsec->osid, tsec->sid, tsec->exec_sid,\n" - "+\t\ttsec->create_sid, tsec->keycreate_sid, tsec->sockcreate_sid };\n" - "+\n" - "+\tif (sids[0] == 0 || sids[1] == 0)\n" - "+\t\t/* SECSID_NULL is not valid for osid or sid */\n" - "+\t\treturn ERR_PTR(-EINVAL);\n" - "+\n" - "+\tret = security_sid_to_context(sids[0], &sfull, &runlen);\n" - "+\tif (ret)\n" - "+\t\treturn ERR_PTR(ret);\n" - "+\trunlen--;\n" - "+\n" - "+\tfor (i = 1; i < NUMTASKSIDS; i++) {\n" - "+\t\tif (sids[i] == 0) {\n" - "+\t\t\tstmp = NULL;\n" - "+\t\t\tslen = 0;\n" - "+\t\t} else {\n" - "+\t\t\tret = security_sid_to_context(sids[i], &stmp, &slen);\n" - "+\t\t\tif (ret) {\n" - "+\t\t\t\tkfree(sfull);\n" - "+\t\t\t\treturn ERR_PTR(ret);\n" - "+\t\t\t}\n" - "+\t\t\tslen--;\n" - "+\t\t}\n" - "+\t\t/* slen + runlen + ':::' + \\0 */\n" - "+\t\tif (slen) {\n" - "+\t\t\tsfull = krealloc(sfull, slen + runlen + 3 + 1, GFP_KERNEL);\n" - "+\t\t\tif (!sfull) {\n" - "+\t\t\t\tkfree(stmp);\n" - "+\t\t\t\treturn ERR_PTR(-ENOMEM);\n" - "+\t\t\t}\n" - "+\t\t}\n" - "+\t\tsprintf(sfull+runlen, \":::%s\", stmp ? 
stmp : \"\");\n" - "+\t\trunlen += slen + 3;\n" - "+\t\tkfree(stmp);\n" - "+\t}\n" - "+\n" - "+\treturn sfull;\n" - "+}\n" - "+\n" - "+static inline int credrestore_nullvalid(int which)\n" - "+{\n" - "+\tint valid_array[NUMTASKSIDS] = {\n" - "+\t\t0, /* task osid */\n" - "+\t\t0, /* task sid */\n" - "+\t\t1, /* exec sid */\n" - "+\t\t1, /* create sid */\n" - "+\t\t1, /* keycreate_sid */\n" - "+\t\t1, /* sockcreate_sid */\n" - "+\t};\n" - "+\n" - "+\treturn valid_array[which];\n" - "+}\n" - "+\n" - "+static int selinux_cred_restore(struct file *file, struct cred *cred,\n" - "+\t\t\t\t\tchar *ctx)\n" - "+{\n" - "+\tchar *s, *s1, *s2 = NULL;\n" - "+\tint ret = -EINVAL;\n" - "+\tstruct task_security_struct *tsec = cred->security;\n" - "+\tint i;\n" - "+\tu32 sids[NUMTASKSIDS];\n" - "+\tstruct inode *ctx_inode = file->f_dentry->d_inode;\n" - "+\tstruct avc_audit_data ad;\n" - "+\n" - "+\t/*\n" - "+\t * objhash made sure the string is null-terminated\n" - "+\t * now we want our own copy so we can chop it up with \\0's\n" - "+\t */\n" - "+\ts = kstrdup(ctx, GFP_KERNEL);\n" - "+\tif (!s)\n" - "+\t\treturn -ENOMEM;\n" - "+\n" - "+\ts1 = s;\n" - "+\tfor (i = 0; i < NUMTASKSIDS; i++) {\n" - "+\t\tif (i < NUMTASKSIDS-1) {\n" - "+\t\t\tret = -EINVAL;\n" - "+\t\t\ts2 = strstr(s1, \":::\");\n" - "+\t\t\tif (!s2)\n" - "+\t\t\t\tgoto out;\n" - "+\t\t\t*s2 = '\\0';\n" - "+\t\t\ts2 += 3;\n" - "+\t\t}\n" - "+\t\tif (strlen(s1) == 0) {\n" - "+\t\t\tret = -EINVAL;\n" - "+\t\t\tif (credrestore_nullvalid(i))\n" - "+\t\t\t\tsids[i] = 0;\n" - "+\t\t\telse\n" - "+\t\t\t\tgoto out;\n" - "+\t\t} else {\n" - "+\t\t\tret = security_context_to_sid(s1, strlen(s1), &sids[i]);\n" - "+\t\t\tif (ret)\n" - "+\t\t\t\tgoto out;\n" - "+\t\t}\n" - "+\t\ts1 = s2;\n" - "+\t}\n" - "+\n" - "+\t/*\n" - "+\t * Check that these transitions are allowed, and effect them.\n" - "+\t * XXX: Do these checks suffice?\n" - "+\t */\n" - "+\tif (tsec->osid != sids[0]) {\n" - "+\t\tret = avc_has_perm(current_sid(), sids[0], 
SECCLASS_PROCESS,\n" - "+\t\t\t\t\tPROCESS__RESTORE, NULL);\n" - "+\t\tif (ret)\n" - "+\t\t\tgoto out;\n" - "+\t\t tsec->osid = sids[0];\n" - "+\t}\n" - "+\n" - "+\tif (tsec->sid != sids[1]) {\n" - "+\t\tstruct inode_security_struct *isec;\n" - "+\t\tret = avc_has_perm(current_sid(), sids[1], SECCLASS_PROCESS,\n" - "+\t\t\t\t\tPROCESS__RESTORE, NULL);\n" - "+\t\tif (ret)\n" - "+\t\t\tgoto out;\n" - "+\n" - "+\t\t/* check whether checkpoint file type is a valid entry\n" - "+\t\t * point to the new domain: we may want a specific\n" - "+\t\t * 'restore_entrypoint' permission for this, but let's\n" - "+\t\t * see if just entrypoint is deemed sufficient\n" - "+\t\t */\n" - "+\n" - "+\t\tAVC_AUDIT_DATA_INIT(&ad, FS);\n" - "+\t\tad.u.fs.path = file->f_path;\n" - "+\n" - "+\t\tisec = ctx_inode->i_security;\n" - "+\t\tret = avc_has_perm(sids[1], isec->sid, SECCLASS_FILE,\n" - "+\t\t\t\tFILE__ENTRYPOINT, &ad);\n" - "+\t\tif (ret)\n" - "+\t\t\tgoto out;\n" - "+\t\t/* TODO: do we need to check for shared state? 
*/\n" - "+\t\ttsec->sid = sids[1];\n" - "+\t}\n" - "+\n" - "+\tret = -EPERM;\n" - "+\tif (sids[2] != tsec->exec_sid) {\n" - "+\t\tif (!current_has_perm(current, PROCESS__SETEXEC))\n" - "+\t\t\tgoto out;\n" - "+\t\ttsec->exec_sid = sids[2];\n" - "+\t}\n" - "+\n" - "+\tif (sids[3] != tsec->create_sid) {\n" - "+\t\tif (!current_has_perm(current, PROCESS__SETFSCREATE))\n" - "+\t\t\tgoto out;\n" - "+\t\ttsec->create_sid = sids[3];\n" - "+\t}\n" - "+\n" - "+\tif (tsec->keycreate_sid != sids[4]) {\n" - "+\t\tif (!current_has_perm(current, PROCESS__SETKEYCREATE))\n" - "+\t\t\tgoto out;\n" - "+\t\tif (!may_create_key(sids[4], current))\n" - "+\t\t\tgoto out;\n" - "+\t\ttsec->keycreate_sid = sids[4];\n" - "+\t}\n" - "+\n" - "+\tif (tsec->sockcreate_sid != sids[5]) {\n" - "+\t\tif (!current_has_perm(current, PROCESS__SETSOCKCREATE))\n" - "+\t\t\tgoto out;\n" - "+\t\ttsec->sockcreate_sid = sids[5];\n" - "+\t}\n" - "+\n" - "+\tret = 0;\n" - "+\n" - "+out:\n" - "+\tkfree(s);\n" - "+\treturn ret;\n" - "+}\n" - "+\n" - "+\n" - " /*\n" - " * detach and free the LSM part of a set of credentials\n" - " */\n" - "@@ -4658,6 +4938,44 @@ static void ipc_free_security(struct kern_ipc_perm *perm)\n" - " \tkfree(isec);\n" - " }\n" - " \n" - "+static char *selinux_msg_msg_checkpoint(void *security)\n" - "+{\n" - "+\tstruct msg_security_struct *msec = security;\n" - "+\tchar *s;\n" - "+\tu32 len;\n" - "+\tint ret;\n" - "+\n" - "+\tif (msec->sid == 0)\n" - "+\t\treturn ERR_PTR(-EINVAL);\n" - "+\n" - "+\tret = security_sid_to_context(msec->sid, &s, &len);\n" - "+\tif (ret)\n" - "+\t\treturn ERR_PTR(ret);\n" - "+\treturn s;\n" - "+}\n" - "+\n" - "+static int selinux_msg_msg_restore(struct msg_msg *msg, char *ctx)\n" - "+{\n" - "+\tstruct msg_security_struct *msec = msg->security;\n" - "+\tint ret;\n" - "+\tu32 sid = 0;\n" - "+\n" - "+\tret = security_context_to_sid(ctx, strlen(ctx), &sid);\n" - "+\tif (ret)\n" - "+\t\treturn ret;\n" - "+\n" - "+\tif (msec->sid == sid)\n" - "+\t\treturn 0;\n" - 
"+\n" - "+\tret = avc_has_perm(current_sid(), sid, SECCLASS_MSG,\n" - "+\t\t\t\tMSG__RESTORE, NULL);\n" - "+\tif (ret)\n" - "+\t\treturn ret;\n" - "+\n" - "+\tmsec->sid = sid;\n" - "+\treturn 0;\n" - "+}\n" - "+\n" - " static int msg_msg_alloc_security(struct msg_msg *msg)\n" - " {\n" - " \tstruct msg_security_struct *msec;\n" - "@@ -5061,6 +5379,47 @@ static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)\n" - " \t*secid = isec->sid;\n" - " }\n" - " \n" - "+static char *selinux_ipc_checkpoint(void *security)\n" - "+{\n" - "+\tstruct ipc_security_struct *isec = security;\n" - "+\tchar *s;\n" - "+\tu32 len;\n" - "+\tint ret;\n" - "+\n" - "+\tif (isec->sid == 0)\n" - "+\t\treturn ERR_PTR(-EINVAL);\n" - "+\n" - "+\tret = security_sid_to_context(isec->sid, &s, &len);\n" - "+\tif (ret)\n" - "+\t\treturn ERR_PTR(ret);\n" - "+\treturn s;\n" - "+}\n" - "+\n" - "+static int selinux_ipc_restore(struct kern_ipc_perm *ipcp, char *ctx)\n" - "+{\n" - "+\tstruct ipc_security_struct *isec = ipcp->security;\n" - "+\tint ret;\n" - "+\tu32 sid = 0;\n" - "+\tstruct avc_audit_data ad;\n" - "+\n" - "+\tret = security_context_to_sid(ctx, strlen(ctx), &sid);\n" - "+\tif (ret)\n" - "+\t\treturn ret;\n" - "+\n" - "+\tif (isec->sid == sid)\n" - "+\t\treturn 0;\n" - "+\n" - "+\tAVC_AUDIT_DATA_INIT(&ad, IPC);\n" - "+\tad.u.ipc_id = ipcp->key;\n" - "+\tret = avc_has_perm(current_sid(), sid, SECCLASS_IPC,\n" - "+\t\t\t\tIPC__RESTORE, &ad);\n" - "+\tif (ret)\n" - "+\t\treturn ret;\n" - "+\n" - "+\tisec->sid = sid;\n" - "+\treturn 0;\n" - "+}\n" - "+\n" - " static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode)\n" - " {\n" - " \tif (inode)\n" - "@@ -5382,6 +5741,8 @@ static struct security_operations selinux_ops = {\n" - " \t.inode_getsecid =\t\tselinux_inode_getsecid,\n" - " \n" - " \t.file_permission =\t\tselinux_file_permission,\n" - "+\t.file_checkpoint =\t\tselinux_file_checkpoint,\n" - "+\t.file_restore =\t\t\tselinux_file_restore,\n" - " 
\t.file_alloc_security =\t\tselinux_file_alloc_security,\n" - " \t.file_free_security =\t\tselinux_file_free_security,\n" - " \t.file_ioctl =\t\t\tselinux_file_ioctl,\n" - "@@ -5396,6 +5757,8 @@ static struct security_operations selinux_ops = {\n" - " \t.dentry_open =\t\t\tselinux_dentry_open,\n" - " \n" - " \t.task_create =\t\t\tselinux_task_create,\n" - "+\t.cred_checkpoint =\t\tselinux_cred_checkpoint,\n" - "+\t.cred_restore =\t\t\tselinux_cred_restore,\n" - " \t.cred_free =\t\t\tselinux_cred_free,\n" - " \t.cred_prepare =\t\t\tselinux_cred_prepare,\n" - " \t.kernel_act_as =\t\tselinux_kernel_act_as,\n" - "@@ -5417,8 +5780,12 @@ static struct security_operations selinux_ops = {\n" - " \n" - " \t.ipc_permission =\t\tselinux_ipc_permission,\n" - " \t.ipc_getsecid =\t\t\tselinux_ipc_getsecid,\n" - "+\t.ipc_checkpoint =\t\tselinux_ipc_checkpoint,\n" - "+\t.ipc_restore =\t\t\tselinux_ipc_restore,\n" - " \n" - " \t.msg_msg_alloc_security =\tselinux_msg_msg_alloc_security,\n" - "+\t.msg_msg_checkpoint =\t\tselinux_msg_msg_checkpoint,\n" - "+\t.msg_msg_restore =\t\tselinux_msg_msg_restore,\n" - " \t.msg_msg_free_security =\tselinux_msg_msg_free_security,\n" - " \n" - " \t.msg_queue_alloc_security =\tselinux_msg_queue_alloc_security,\n" - "diff --git a/security/selinux/include/av_perm_to_string.h b/security/selinux/include/av_perm_to_string.h\n" - "index 31df1d7..a2c35d7 100644\n" - "--- a/security/selinux/include/av_perm_to_string.h\n" - "+++ b/security/selinux/include/av_perm_to_string.h\n" - "@@ -19,6 +19,8 @@\n" - " S_(SECCLASS_FILE, FILE__ENTRYPOINT, \"entrypoint\")\n" - " S_(SECCLASS_FILE, FILE__EXECMOD, \"execmod\")\n" - " S_(SECCLASS_FILE, FILE__OPEN, \"open\")\n" - "+ S_(SECCLASS_FILE, FILE__RESTORE, \"restore\")\n" - "+ S_(SECCLASS_FILE, FILE__FOWN_RESTORE, \"fown_restore\")\n" - " S_(SECCLASS_CHR_FILE, CHR_FILE__EXECUTE_NO_TRANS, \"execute_no_trans\")\n" - " S_(SECCLASS_CHR_FILE, CHR_FILE__ENTRYPOINT, \"entrypoint\")\n" - " S_(SECCLASS_CHR_FILE, 
CHR_FILE__EXECMOD, \"execmod\")\n" - "@@ -88,9 +90,11 @@\n" - " S_(SECCLASS_PROCESS, PROCESS__EXECHEAP, \"execheap\")\n" - " S_(SECCLASS_PROCESS, PROCESS__SETKEYCREATE, \"setkeycreate\")\n" - " S_(SECCLASS_PROCESS, PROCESS__SETSOCKCREATE, \"setsockcreate\")\n" - "+ S_(SECCLASS_PROCESS, PROCESS__RESTORE, \"restore\")\n" - " S_(SECCLASS_MSGQ, MSGQ__ENQUEUE, \"enqueue\")\n" - " S_(SECCLASS_MSG, MSG__SEND, \"send\")\n" - " S_(SECCLASS_MSG, MSG__RECEIVE, \"receive\")\n" - "+ S_(SECCLASS_MSG, MSG__RESTORE, \"restore\")\n" - " S_(SECCLASS_SHM, SHM__LOCK, \"lock\")\n" - " S_(SECCLASS_SECURITY, SECURITY__COMPUTE_AV, \"compute_av\")\n" - " S_(SECCLASS_SECURITY, SECURITY__COMPUTE_CREATE, \"compute_create\")\n" - "@@ -107,6 +111,7 @@\n" - " S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_READ, \"syslog_read\")\n" - " S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_MOD, \"syslog_mod\")\n" - " S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_CONSOLE, \"syslog_console\")\n" - "+ S_(SECCLASS_IPC, IPC__RESTORE, \"restore\")\n" - " S_(SECCLASS_CAPABILITY, CAPABILITY__CHOWN, \"chown\")\n" - " S_(SECCLASS_CAPABILITY, CAPABILITY__DAC_OVERRIDE, \"dac_override\")\n" - " S_(SECCLASS_CAPABILITY, CAPABILITY__DAC_READ_SEARCH, \"dac_read_search\")\n" - "diff --git a/security/selinux/include/av_permissions.h b/security/selinux/include/av_permissions.h\n" - "index d645192..58ad588 100644\n" - "--- a/security/selinux/include/av_permissions.h\n" - "+++ b/security/selinux/include/av_permissions.h\n" - "@@ -101,6 +101,8 @@\n" - " #define FILE__ENTRYPOINT 0x00040000UL\n" - " #define FILE__EXECMOD 0x00080000UL\n" - " #define FILE__OPEN 0x00100000UL\n" - "+#define FILE__RESTORE 0x00200000UL\n" - "+#define FILE__FOWN_RESTORE 0x00400000UL\n" - " #define LNK_FILE__IOCTL 0x00000001UL\n" - " #define LNK_FILE__READ 0x00000002UL\n" - " #define LNK_FILE__WRITE 0x00000004UL\n" - "@@ -453,6 +455,7 @@\n" - " #define PROCESS__EXECHEAP 0x08000000UL\n" - " #define PROCESS__SETKEYCREATE 0x10000000UL\n" - " #define PROCESS__SETSOCKCREATE 0x20000000UL\n" - 
"+#define PROCESS__RESTORE\t 0x40000000UL\n" - " #define IPC__CREATE 0x00000001UL\n" - " #define IPC__DESTROY 0x00000002UL\n" - " #define IPC__GETATTR 0x00000004UL\n" - "@@ -462,6 +465,7 @@\n" - " #define IPC__ASSOCIATE 0x00000040UL\n" - " #define IPC__UNIX_READ 0x00000080UL\n" - " #define IPC__UNIX_WRITE 0x00000100UL\n" - "+#define IPC__RESTORE 0x00000200UL\n" - " #define SEM__CREATE 0x00000001UL\n" - " #define SEM__DESTROY 0x00000002UL\n" - " #define SEM__GETATTR 0x00000004UL\n" - "@@ -483,6 +487,7 @@\n" - " #define MSGQ__ENQUEUE 0x00000200UL\n" - " #define MSG__SEND 0x00000001UL\n" - " #define MSG__RECEIVE 0x00000002UL\n" - "+#define MSG__RESTORE 0x00000004UL\n" - " #define SHM__CREATE 0x00000001UL\n" - " #define SHM__DESTROY 0x00000002UL\n" - " #define SHM__GETATTR 0x00000004UL\n" - "-- \n" - 1.6.1 + -serge -9041689b4d10878ff9ed6c68f0bdb942d909a3e577da06f7ea081fcfaf666893 +e3c4eff7f3ee8a6b786a31fe7dfc8d0fcefe36a8b5ab0d4ba58badd8d4c5242c